Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xtremio_x2_firmware | Dell | * | 6.4.1-11 (excluding) |